On Wed, 10 Nov 2021 02:06:42 GMT, Jaikiran Pai <j...@openjdk.org> wrote:
>> When set on the command line `jdk.serialFilter` to an invalid value, the >> invalid value is logged but the application is allowed to start without >> setting the filter. >> This leaves the application without the protections of the serial filter. >> The specification should be clarify that an `ExceptionInInitializerError` is >> thrown when the `jdk.serialFilter` system property is set on the command >> line to an invalid value. > > src/java.base/share/classes/java/io/ObjectInputFilter.java line 528: > >> 526: * The filter is created as if {@link #createFilter(String) >> createFilter} is called; >> 527: * if the filter string is invalid, an {@link >> ExceptionInInitializerError} is thrown. >> 528: * Otherwise, the filter is not configured during initialization and > > Hello Roger, the new line looks good to me. However, with this new line now > staying between the "If the Java virtual machine ..." and the "Otherwise, > ..." lines, I had to re-read this "Otherwise, the filter is not ..." line a > few times to see which "if" it corresponds to, because there's a "if the > filter string is invalid" on the previous line. > Do you think these lines might have to be rearranged? Good suggestion, I'll take that up in a new issue related to incomplete initialization. ------------- PR: https://git.openjdk.java.net/jdk/pull/6317